@kr33pt profile picture
Keerthi @kr33pt

Cyber Security Enthusiast

Joined April 2017
  • Tweets 3,152
  • Following 964
  • Followers 159
16 Photos and videos
Keerthi retweeted
Joseph Cox
@josephfcox
24 Jan 2024
New from 404 Media: inside a global phone spy tool that takes data from ads inside normal apps to monitor billions. Company removed videos while I was asking questions; we archived in the article. Google has now cut-off a connected company in response. 404media.co/inside-global-ph…

Inside a Global Phone Spy Tool Monitoring Billions

A wide-spanning investigation by 404 Media reveals more details about a secretive spy tool that can tracks billions of phone profiles through the advertising industry called Patternz. Google has...

404media.co
6
227
430
80,477
Keerthi retweeted
Matthew Green
@matthew_d_green
8 Nov 2023
I did not know, but I guess I did imagine, that car manufacturers were intercepting and sharing text messages with law enforcement. Seems like a pretty terrible idea, unless there’s more to this story. therecord.media/class-action…

Court rules automakers can record and intercept owner text messages

A Seattle-based appellate judge ruled that the practice does not meet the threshold for an illegal privacy violation under state law, handing a big win to automakers Honda, Toyota, Volkswagen and...

therecord.media
19
135
379
152,977
Keerthi retweeted
Ian Beer@i41nbeer
13 Oct 2023
Earlier this year @AmnestyTech and @_clem1 from Google TAG found an in-the-wild iPhone zero day full chain. Today I’m publishing my analysis of the Safari sandbox escape component, the first in-the-wild sample to break into the new Safari GPU process.
5
110
394
92,055
Keerthi retweeted
Maddie Stone@maddiestone
27 Sep 2023
.@_clem1 discovered another ITW 0-day in use by a commercial surveillance vendor: CVE-2023-5217. Thank you to Chrome for releasing a patch in TWO 🤯day!! chromereleases.googleblog.co…

Stable Channel Update for Desktop

The Stable channel has been updated to 117.0.5938.132 for Windows, Mac and Linux, which will roll out over the coming days/weeks. A full lis...

chromereleases.googleblog.com
6
80
289
71,420
Keerthi retweeted
Maddie Stone@maddiestone
22 Sep 2023
Who needs a 0-click when you have MITM? ✨ Working with @billmarczak & @citizenlab we discovered 3 iOS and 1 Chrome 0-day from Intellexa, used to install Predator spyware in Egypt 🇪🇬 blog.google/threat-analysis-…

0-days exploited by commercial surveillance vendor in Egypt

blog.google
6
274
919
327,240
Keerthi retweeted
Omer Benjakob@omerbenj
14 Sep 2023
🚨SCOOP: My new @Haaretzcom investigation reveals new Israeli cyber companies developed technology that exploits the heart of the online economy - ads - not just for mass surveillance, but also to hack phones 👇 haaretz.com/israel-news/2023…

Revealed: Israeli cyber firms developed an 'insane' new spyware tool. No defense exists

***

haaretz.com
23
488
787
284,921
Keerthi retweeted
Sí, soy yo@nuria_imeq
1 Sep 2023
Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd pulsesecurity.co.nz/advisori…

Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd

This vulnerability allows a physically-present attacker to control the full disk encryption unlock process and gain complete access to decrypted content in some cases where a TPM, dracut and Clevis...

pulsesecurity.co.nz
9
157
610
542,326
Keerthi retweeted
Joseph Cox
@josephfcox
22 Aug 2023
New—hackers have access to a powerful chain of data that lets them dox nearly anyone in US for $15. With credit cards your address goes to the credit bureaus. That is then sold to companies, and the hackers tap into that. Targets include Musk, Rogan, Biden 404media.co/the-secret-weapo…

The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15

Violent criminals who rob, assault, and shoot targets have found a way to tap into data from credit bureaus.

404media.co
25
436
1,143
288,537
Keerthi retweeted
BleepingComputer
@BleepinComputer
17 Aug 2023
Thousands of Android APKs use compression trick to thwart analysis - @billtoulas bleepingcomputer.com/news/se…

Thousands of Android APKs use compression trick to thwart analysis

Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression algorithms.

bleepingcomputer.com
51
71
12,734
Keerthi retweeted
quarkslab@quarkslab
14 Aug 2023
Need to access those precious encrypted kitten pics but you can't unlock your phone ? Don't worry, in this blog post @max_r_b and @DamianoMelotti will take you in a journey to the depths of #Android's file-based encryption so you know what to do. blog.quarkslab.com/android-d…
the cryptographic entrails of a modern Android phone

ALT the cryptographic entrails of a modern Android phone

4
47
96
11,790
Keerthi retweeted
Georgy Kucherin
@kucher1n
21 Jun 2023
Our next blogpost on #iOSTriangulation (securelist.com/triangledb-tr…) is finally out. Today we are ready to share details about the final payload used in the attack, which is a #spyware implant that we dubbed #TriangleDB @bzvr_ @2igosha [1/3]

Dissecting TriangleDB, a Triangulation spyware implant

In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are...

securelist.com
3
108
220
117,155
💣💣 The inevitable has happened. #CoWINDataLeak reported by @thefourthlive @ManoramaDaily is a largest #DigitalPublicInfrastructure disaster. Thread on some impacts.
Jikku Varghese Jacob@Jikkuvarghese
12 Jun 2023
🚨 The Details given by you to the #Cowin portal can be accessed by anyone if they know your mobile number or Aadhaar. A telegram bot was sharing data including Name, Aadhaar/passport, Date of Birth, Gender, Vaccination centre etc. (1/n) #Manorama
10
150
163
66,802
Keerthi retweeted
Wolfie Christl@WolfieChristl
8 Jun 2023
A while back, I stumbled upon a file I consider the largest piece of evidence revealing how hundreds of data brokers trade personal data on everyone, including very sensitive data, globally. Massive investigation by @themarkup and German @netzpolitik_org: themarkup.org/privacy/2023/0…

From “Heavy Purchasers” of Pregnancy Tests to the Depression-Prone: We Found 650,000 Ways Adverti...

A spreadsheet on ad platform Xandr’s website revealed a massive collection of “audience segments” used to target consumers based on highly specific, sometimes intimate information and inferences

themarkup.org
8
421
958
211,853
Keerthi retweeted
Sibin@sibinmohan
1 Jun 2023
India seems to be the new destination for “Hacking for hire” operatives. A lack of ethics and legal action allows these people to operate freely. I’m sure a lot of them are even hand in glove with the government. newyorker.com/news/annals-of…

A Confession Exposes India’s Secret Hacking Industry

The country has developed a lucrative specialty: cyberattacks for hire.

newyorker.com
1
5
10
1,066
Hundreds of models of Gigabyte motherboards, used in gaming and other high-performance computers, have a backdoor in their firmware that invisibly downloads code to the machine at startup—and does so insecurely, leaving the feature open to abuse. wired.com/story/gigabyte-mot…

Millions of PC Motherboards Were Sold With a Firmware Backdoor

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

wired.com
14
222
460
124,106
Keerthi retweeted
Markus Vervier
@marver
31 May 2023
The recording of my @offensive_con talk about eSIM is online: Embedded Threats: A Deep Dive into the Attack Surface and Security Implications of eSIM Technology youtu.be/5oecn43xsDg?t=1085 #OffensiveCon23

OffensiveCon23 - Markus Vervier - Embedded Threats

Embedded Threats: A Deep Dive into the Attack Surface and Security ...

youtube.com
18
49
6,274
Keerthi retweeted
@mikko
@mikko
29 May 2023
In which we describe one of our incident response engagements where five different actors were observed exploiting the same victim for completely different purposes. withsecure.com/en/expertise/…

1
11
35
13,087
Keerthi retweeted
mgeeky | Mariusz Banach@mariuszbit
16 May 2023
☢️MSI leaked code signing certificate already abused by Threat Actors (expires in 2024). I've collected 9 recently leaked certificates to cover up in upcoming Modern Initial Access training sessions🔥 bit.ly/456uq9u 👾 Already weaponised in Red Macros Factory 1.8!
1
97
262
43,558
Keerthi retweeted
0xor0ne
@0xor0ne
13 May 2023
Nice intro for beginners to bluetooth communications reverse engineering (Domyos EL500) Credits @Palantir555 jcjc-dev.com/2023/03/19/reve… #bluetooth
2
149
552
57,671
Keerthi retweeted
0xor0ne
@0xor0ne
12 May 2023
A couple of nice blog posts for learning about Linux process injection (specifically sshd injection for credential harvesting) @_xpn_: blog.xpnsec.com/linux-proces… @jm33_m0: jm33.me/sshd-injection-and-p… #sshd #processinjection #redteam #infosec #cybersecurity #Linux
6
127
436
42,358
Load more